An Analysis of The Cloud Computing Security Problem

Size: px
Start display at page:

Download "An Analysis of The Cloud Computing Security Problem"

Transcription

1 In Proceedings of APSEC 2010 Cloud Workshop, Sydney, Australia, 30 th Nov An Analysis of The Cloud Computing Security Problem Mohamed Al Morsy, John Grundy and Ingo Müller Computer Science & Software Engineering, Faculty of Information & Communication Technologies Swinburne University of Technology, Hawthorn, Victoria, Australia {malmorsy, jgrundy, swin.edu.au Abstract Cloud computing is a new computational paradigm that offers an innovative business model for organizations to adopt IT without upfront investment. Despite the potential gains achieved from the cloud computing, the model security is still questionable which impacts the cloud model adoption. The security problem becomes more complicated under the cloud model as new dimensions have entered into the problem scope related to the model architecture, multi-tenancy, elasticity, and layers dependency stack. In this paper we introduce a detailed analysis of the cloud security problem. We investigated the problem from the cloud architecture perspective, the cloud offered characteristics perspective, the cloud stakeholders perspective, and the cloud service delivery models perspective. Based on this analysis we derive a detailed specification of the cloud security problem and key features that should be covered by any proposed security solution. Keywords: cloud computing; cloud computing security; cloud computing security management. I. INTRODUCTION Cloud computing provides the next generation of internetbased, highly scalable distributed computing systems in which computational resources are offered 'as a service'. The most widely used definition of the cloud computing model is introduced by NIST [1] as a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.. Multi-tenancy and elasticity are two key characteristics of the cloud model. Multi-Tenancy enables sharing the same service instance among different tenants. Elasticity enables scaling up and down resources allocated to a service based on the current service demands. Both characteristics focus on improving resource utilization, cost and service availability. The cloud model has motivated industry and academia to adopt cloud computing to host a wide spectrum of applications ranging from high computationally intensive applications down to light weight services. The model is also well-suited for small and medium businesses because it helps adopting IT without upfront investments in infrastructure, software licenses and other relevant requirements. Moreover, Governments become more interested in the possibilities of using cloud computing to reduce IT costs and increase capabilities and reachability of their delivered services. According to a Gartner survey [2] on cloud computing revenues, the cloud market was worth USD 58.6B in 2009, is expected to be USD 68B in 2010 and will reach USD 148B by These revenues imply that cloud computing is a promising platform. On the other hand, it increases the attackers interest in finding existing vulnerabilities in the model. Despite the potential benefits and revenues that could be gained from the cloud computing model, the model still has a lot of open issues that impact the model creditability and pervasiveness. Vendor lock-in, multi-tenancy and isolation, data management, service portability, elasticity engines, SLA management, and cloud security are well known open research problems in the cloud computing model. From the cloud consumers perspective, security is the major concern that hampers the adoption of the cloud computing model [3] because: Enterprises outsource security management to a third party that hosts their IT assets (loss of control). Co-existence of assets of different tenants in the same location and using the same instance of the service while being unaware of the strength of security controls used. The lack of security guarantees in the SLAs between the cloud consumers and the cloud providers. Hosting this set of valuable assets on publicly available infrastructure increases the probability of attacks. From the cloud providers perspective, security requires a lot of expenditures (security solutions licenses), resources (security is a resource consuming task), and is a difficult problem to master (as we discuss later). But skipping security from the cloud computing model roadmap will violate the expected revenues as explained above. So cloud providers have to understand consumers concerns and seek out new security solutions that resolve such concerns. In this paper we analyze existing challenges and issues involved in the cloud computing security problem. We group these issues into architecture-related issues, service delivery model-related issues, cloud characteristic-related issues, and cloud stakeholder-related issues. Our objective is to identify the weak points in the cloud model. We present a detailed analysis for each weakness to highlight their root causes. This will help cloud providers and security vendors to have a better understanding of the problem. It also helps researchers being aware of the existing problem dimensions and gaps. Our paper is organized as follows. In section II, we explore previous efforts in defining cloud security problems and challenges. Sections III to VII explore the cloud computing security problem from different perspectives. Section VIII discusses the key security enablers in the cloud model. Section IX summarizes our conclusions and what we believe are the key dimensions that should be covered by any cloud security solution. Finally, in section X we discuss the future work focusing on one of the discussed security enablers (cloud security management).

2 II. LITERATURE REVIEW Cloud computing security challenges and issues discussed by various researchers. The Cloud Computing Use Cases group [4] discusses the different use case scenarios and related requirements that may exist in the cloud computing model. They consider use cases from different perspectives including customers, developers and security engineers. ENISA [5] investigated the different security risks related to adopting cloud computing along with the affected assets, the risks likelihood, impacts, and vulnerabilities in cloud computing that may lead to such risks. Similar efforts discussed in Top Threats to Cloud Computing by CSA [6]. Balachandra et al [7] discuss the security SLA s specifications and objectives related to data locations, segregation and data recovery. Kresimir et al [8] discuss high level security concerns in the cloud computing model such as data integrity, payment, and privacy of sensitive information. Kresimir discussed different security management standards such as ITIL, ISO/IEC and Open Virtualization Format (OVF). Meiko et al [9] discuss the technical security issues arising from adopting the cloud computing model such as XML-attacks, Browsers related attacks, and flooding attacks. Bernd et al [10] discuss the security vulnerabilities existing in the cloud platform. The authors grouped the possible vulnerabilities into technology- related, cloud characteristics -related, security controls- related. Subashini et al [11] discuss the security challenges of the cloud service delivery model, focusing on the SaaS model. CSA [6] discusses critical areas of cloud computing. They deliver a set of best practices for the cloud provider, consumers and security vendors to follow in each domain. CSA published a set of detailed reports discussing for some of these domains. In our research we did a deep investigation in the cloud model to identify the root causes and key participating dimensions in such security issues/problems discussed by the previous work. This will help better to understand the problem and deliver solutions. III. THE CLOUD COMPUTING ARCHITECTURE AND SECURITY IMPLICATIONS The Cloud Computing model has three service delivery models and main three deployment models [1]. The deployment models are: (1) Private cloud: : a cloud platform is dedicated for specific organization, (2) Public cloud: a cloud platform available to public users to register and use the available infrastructure, and (3) Hybrid cloud: a private cloud that can extend to use resources in public clouds. Public clouds are the most vulnerable deployment model because they are available for public users to host their services who may be malicious users. The cloud service delivery models, as in figure1, include: - Infrastructure-as-a-service (IaaS):: where cloud providers deliver computation resources, storage and network as an internet-based services. This service model is based on the virtualization technology. Amazon EC2 is the most familiar IaaS provider. - Platform-as-a-service (PaaS): where cloud providers deliver platforms, tools and other business services that enable customers to develop, deploy, and manage their own applications, without installing any of these platforms or support tools on their local machines. The PaaS model may be hosted on top of IaaS model or on top of the cloud infrastructures directly. Google Apps and Microsoft Windows Azure are the most known PaaS. - Software-as-a-service service (SaaS): where cloud providers deliver applications hosted on the cloud infrastructure as internetbased service for end users, without requiring installing the applications on the customers computers. This model may be hosted on top of PaaS, IaaS or directly hosted on cloud infrastructure. SalesForce CRM is an example of the SaaS provider. Figure 1: cloud service delivery models Each service delivery model has different possible implementations, as in figure 1, which complicates the development of standard security model for each service delivery model. Moreover, these service delivery models may coexist in one cloud platform leading to further complication of the security management process. IV. CLOUD COMPUTING CHARACTERSTICS AND SECURITY IMPLICATIONS To achieve efficient utilization of resources, cloud providers need to increase their resource utilization while decreasing cost. At the same time consumers need to use resources as far as needed while being able to increase or decrease resources consumption based on actual demands. The cloud computing model meets such needs via a win-win solution by delivering two key characteristics: multi-tenancy and elasticity. Both characteristics turn out to have serious implications on the cloud model security. Multi-tenancy tenancy implies sharing of computational resources, storage, services, and applications with other tenants. Multitenancy has different realization approaches as shown in figure 2. In approach 1, each tenant has their own dedicated instance with their own customizations (customization may include special development to meet customer needs). In approach 2, each tenant uses a dedicated instance, like approach 1, while all instances are the same but with different configurations (adjustment of application parameters or interfaces). In approach 3, all tenants share the same instance with runtime configuration (the application is divided into core application component nt and extra components that are loaded based on the current tenant requests similar to SalesForce.com). In approach 4 tenants are directed to a load balancer that redirects tenants requests to a suitable instance based on current instances load. Approaches 3 and 4 are the most risky as tenants are coexisting on the same process in memory and

3 hardware. This sharing of resources violates the confidentiality of tenants IT assets which leads to the need for secure multi- tenancy. To deliver secure multi-tenancytenancy there should be isolation among tenants data (at rest, processing and transition) and location transparency where tenants have no knowledge or control over the specific location of their resources (may have high level control on data location such as country or region level), to avoid planned attacks that attempt to co-locate with the victim assets [12]. In IaaS, isolation should consider VMs storage, processing, memory, cache memories, and networks. In PaaS, isolation should cover isolatation among running services and APIs calls. In SaaS, isolation should isolate among transactions carried out on the same instance by different tenants and tenants data. covers the platform layers (such as application servers, web servers, IDEs, and other tools), and APIs and Services layers. The PaaS layer depends on the virtualization of resources as delivered by IaaS. The SaaS model covers applications and services offered as a service for end users, as shown in figure 3. The SaaS layer depends on a layer of platforms to host the services and a layer of virtualization to optimize resources utilization when delivering services to multi-tenant. Figure 2: Multi-tenancy tenancy approaches [13] Elasticity implies being able to scale up or down resources assigned to services based on the current demand. Scaling up and down of tenant s resources gives the opportunity to other tenants to use the tenant previously assigned resources. This may lead to confidentiality issues. For example, tenant A scaled down so it releases resources, these resources are now assigned to tenant B who in turn use it to deduce the previous contents of tenant A (similar to lag problem between DNS and DNS cache). Moreover, Elasticity includes a service placement engine that maintains a list of the available resources from the provider s offered resources pool. This list is used to allocate resources to services. Such placement engines should incorporate cloud consumers security and legal requirements such as avoid placing competitors services on the same server, data location should be within the tenants country boundaries. Placement engines may include a migration strategy where services are migrated from physical host to another or from cloud to another in order to meet demands and efficient utilization of the resources. This migration strategy should take into account the same security constraints. Furthermore, security requirements defined by service consumers should be migrated with the service and initiates a process to enforce security requirements on the new environment, as defined by cloud consumers, and updates the current cloud security model. V. CLOUD COMPUTING S DEEP DEPENDENNCIES STACK The cloud computing model depends on a deep stack of dependent layers of objects (VMs, APIs, Services and Applications) where the functionality and security of a higher layer depends on the lower ones. The IaaS model covers cloud physical infrastructure layer (storage, networks and servers), virtualization layer (hypervisors), and virtualized resources layer (VMs, virtual storage, virtual networks). The PaaS model Figure 3: Cloud computing model layers This deep dependency stack of cloud objects complicates the cloud security problem as the security of each object/layer depends on the security of the lower objects/layers. Furthermore, any breach to any cloud objects will impact the security of the whole cloud platform. Each cloud layer/object has a set of security requirements and vulnerabilities so it requires a set of security controls to deliver secured service. This results in a huge number of security controls that needs to be managed. Moreover, managing such heterogeneous security controls to meet security needs is a complex task, taking into account conflicts among the security requirements and among security controls at each layer. This may result in an inconsistent security model. Hence, a unified security control management module is required. This module should coordinate and integrate among the various layers security controls based on security needs. VI. CLOUD COMPUTING STAKEHOLDERS AND SECURITY IMPLICATIONS The cloud computing model has different involved stakeholders: cloud provider (an entity that delivers infrastructures to the cloud consumers), service provider (an entity that uses the cloud infrastructure to deliver applications/services to end users), and service consumer (an entity that uses services hosted on the cloud infrastructure). Each stakeholder has their own security management systems/processes and each one has their own expectations (requirements) and capabilities (delivered) from/to other stakeholders. This leads to: (1) A set of security requirements defined on a service by different tenants that may conflict with each other. So security configurations of each service should be maintained and enforced on the service instances level and at runtime taking into account the possibility of changing requirements based on current consumers needs to mitigate new risks; (2) Providers and consumers need to negotiate and agree on the applied security properties. However, no standard security specification notations are available that can be used by the cloud stakeholders to represent and reason about their

4 offered/required security properties; and (3) Each stakeholder has their own security management processes used to define their assets, expected risks and their impacts, and how to mitigate such risks. Adopting cloud model results in losing control from both involved parties, including cloud providers (who are not aware of the contents and security requirements of services hosted on their infrastructures) and cloud consumers (who are not able to control neither on their assets security nor on other services sharing the same resources). Security SLA management frameworks represent part of the solution related to security properties specification, enforcement and monitoring. However, SLAs still don t cover security attributes in their specifications [14]. Moreover, SLAs are high level contracts where the details of the security policies and security control and how to change at runtime are not included. On the other side, cloud providers are not able to deliver efficient and effective security controls because they are not aware of the hosted services architectures. Furthermore, cloud providers are faced with a lot of changes to security requirements while having a variety of security controls deployed that need to be updated. This further complicates the cloud providers security administrators tasks. Transparency of what security is enforced, what risks exist, and what breaches occur on the cloud platform and the hosted services must exist among cloud providers and consumers. This is what is called trust but verify [15], where cloud consumers should trust in their providers meanwhile cloud providers should deliver tools to help consumers to verify and monitor security enforcements. VII. CLOUD COMPUTING SERVICE DELIVERY MODELS AND SECURITY IMPLICATIONS We summarize the key security issues/vulnerabilities in each service delivery model. Some of these issues are the responsibility of cloud providers while others are the responsibility of cloud consumers. A. IaaS Issues VM security securing the VM operating systems and workloads from common security threats that affect traditional physical servers, such as malware and viruses, using traditional or cloud-oriented security solutions. The VM s security is the responsibility of cloud consumers. Each cloud consumer can use their own security controls based on their needs, expected risk level, and their own security management process. Securing VM images repository - unlike physical servers VMs are still under risk even when they are offline. VM images can be compromised by injecting malicious codes in the VM file or even stole the VM file itself. Secured VM images repository is the responsibilities of the cloud providers. Another issue related to VM templates is that such templates may retain the original owner information which may be used by a new consumer. Virtual network security - sharing of network infrastructure among different tenants within the same server (using vswitch) or in the physical networks will increase the possibility to exploit vulnerabilities in DNS servers, DHCP, IP protocol vulnerabilities, or even the vswitch software which result in network-based VM attacks. Securing VM boundaries - VMs have virtual boundaries compared with to physical server ones. VMs that co-exist on the same physical server share the same CPU, Memory, I/O, NIC, and others (i.e. there is no physical isolation among VM resources). Securing VM boundaries is the responsibility of the cloud provider. Hypervisor security - a hypervisor is the virtualizer that maps from physical resources to virtualized resources and vice versa. It is the main controller of any access to the physical server resources by VMs. Any compromise of the hypervisor violates the security of the VMs because all VMs operations become traced unencrypted. Hypervisor security is the responsibility of cloud providers and the service provider. In this case, the SP is the company that delivers the hypervisor software such as VMware or Xen. B. PaaS Security Issues SOA related security issues the PaaS model is based on the Service-oriented Architecture (SOA) model. This leads to inheriting all security issues that exist in the SOA domain such as DOS attacks, Man-in-the-middle attacks, XML-related attacks, Replay attacks, Dictionary attacks, Injection attacks and input validation related attacks [9, 16]. Mutual authentication, authorization and WS-Security standards are important to secure the cloud provided services. This security issue is a shared responsibility among cloud providers, service providers and consumers. API Security - PaaS may offer APIs that deliver management functions such as business functions, security functions, application management, etc. Such APIs should be provided with security controls and standards implemented, such as OAuth [17], to enforce consistent authentication and authorization on calls to such APIs. Moreover, there is a need for the isolation of APIs in memory. This issue is under the responsibility of the cloud service provider. C. SaaS Security Issues In the SaaS model enforcing and maintaining security is a shared responsibility among the cloud providers and service providers (software vendors). The SaaS model inherits the security issues discussed in the previous two models as it is built on top of both of them including data security management [11] (data locality, integrity, segregation, access, confidentiality, backups) and network security. Web application vulnerability scanning - web applications to be hosted on the cloud infrastructure should be validated and scanned for vulnerabilities using web application scanners [18]. Such scanners should be up to date with the recently discovered vulnerabilities and attack paths maintained in the National Vulnerability Database (NVD) and the Common Weaknesses Enumeration (CWE) [19]. Web application firewalls should be in place to mitigate existing/discovered vulnerabilities (examining HTTP requests and responses for applications specific vulnerabilities). The ten most critical web applications vulnerabilities in 2010 listed by OWASP [20] are injection, cross site scripting (Input validation) weaknesses.

5 Web application security miss-configuration and breaking - web application security miss-configuration or weaknesses in application-specific security controls is an important issue in SaaS. Security miss-configuration is also very critical with multi-tenancy where each tenant has their own security configurations that may conflict with each other leading to security holes. It is mostly recommended to depend on cloud provider security controls to enforce and manage security in a consistent, dynamic and robust way. D. Cloud Management Security Issues The Cloud Management Layer (CML) is the microkernel that can be extended to incorporate and coordinate different components. The CML components include SLA management, service monitoring, billing, elasticity, IaaS, PaaS, SaaS services registry, and security management of the cloud. Such a layer is very critical since any vulnerability or any breach of this layer will result in an adversary having control, like an administrator, over the whole cloud platform. This layer offers a set of APIs and services to be used by client applications to integrate with the cloud platform. This means that the same security issues of the PaaS model apply to the CML layer as well. E. Cloud Access Methods Security Issues Cloud computing is based on exposing resources over the internet. These resources can be accessed through (1) web browsers (HTTP/HTTPS), in case of web applications - SaaS; (2) SOAP, REST and RPC Protocols, in case of web services and APIs PaaS and CML APIs; (3) remote connections, VPN and FTP in case of VMs and storage services IaaS. Security controls should target vulnerabilities related to these protocols to protect data transferred between the cloud platform and the consumers. VIII. CLOUD COMPUTING SECURITY ENABLERS A. Identity & Access Management (IAM) and Federation Identity is a core of any security aware system. It allows the users, services, servers, clouds, and any other entities to be recognized by systems and other parties. Identity consists of a set of information associated with a specific entity. This information is relevant based on context. Identity should not disclose user personal information privacy. Cloud platforms should deliver or support a robust and consistent Identity management system. This system should cover all cloud objects and cloud users with corresponding identity context information. It should include: Identity Provisioning and deprovisioning, identity information privacy, identity linking, identity mapping, identity federation, identity attributes federation, single sign on, authentication and authorization. Such system should adopt existing standards, such as SPML, SAML, OAuth, and XACML, to securely federate identities among interacting entities within different domains and cloud platforms. B. Key Management Confidentiality is one of key objectives of the cloud computing security (CIA triad). Encryption is the main solution to the confidentiality objective, for data, processes and communications. Encryption algorithms either symmetric keybased or asymmetric are key-based. Both encryption approaches have a major problem related to encryption key management i.e. how to securely generate, store, access and exchange secrete keys. Moreover, PaaS requires application keys for all APIs and service calls from other applications. The applications keys must be maintained securely along with all other credentials required by the application to be able to access such APIs. C. Security Management Based on the huge number of cloud stakeholders, the deep dependency stack, and the large number of security controls to deliver security requirements, the cloud security management becomes a more complicated research problem. Security management needs to include security requirements and policies specifications, security controls configurations according to the policies specified, and feedback from the environment and security controls to the security management and the cloud stakeholders. Security management should function as a plug-in for CML. D. Secure Software Development Lifecycle The secure software development lifecycle (SDLC with security engineering activities) includes elicitation of the security requirements, threat modeling, augmentation of security requirements to the systems models and the generated code consequently. The cloud based applications will involve revolution in the lifecycles and tools used to build secure systems. The PaaS provides a set of reusable security enabling components to help developing secured cloud-based applications. Also security engineering of the cloud-based application should change to meet new security requirements imposed on such systems. Applications should support adaptive security (avoiding hardcoded security) to be able to meet vast range of consumers security requirements. Adaptive application security is based on externalizing/delegating the security enforcement and applications security management to the cloud security management, cloud security services and security controls. E. Security-Performance tradeoff optimization The cloud computing model is based on delivering services using SLAs. SLAs should cover objectives related to performance, reliability, and security. SLAs also define penalties that will be applied in case of SLA violation. Delivering high security level, as one of SLA objectives, means consuming much more resources that impact on the performance objective (the more adopted security tools and mechanism, the worst the impact on the performance of the underlying services). Cloud management should consider the trade-off between security and performance using utility functions for security and performance (least security unless stated otherwise). Moreover, we should focus on delivering adaptive security where security controls configurations are based on the current and expected threat level and considering other tradeoffs. F. Federation of security among multi-clouds When a consumer uses applications that depend on services from different clouds, he will need to maintain his security requirements enforced on both clouds and in between. The same case when multiple clouds integrate together to deliver a

6 bigger pool of resources or integrated services, their security requirements needs to be federated and enforced on different involved cloud platforms. IX. CONCLUSION The cloud computing model is one of the promising computing models for service providers, cloud providers and cloud consumers. But to best utilize the model we need to block the existing security holes. Based on the details explained above, we can summarize the cloud security problem as follows: Some of the security problems are inherited from the used technologies such as virtualization and SOA. Multi-tenancy and isolation is a major dimension in the cloud security problem that requires a vertical solution from the SaaS layer down to physical infrastructure (to develop physical alike boundaries among tenants instead of virtual boundaries currently applied). Security management is very critical to control and manage this number of requirements and controls. The cloud model should have a holistic security wrapper, as shown in figure 3, such that any access to any object of the cloud platform should pass through security components first. Based on this discussion we recommend that cloud computing security solutions should: Focus on the problem abstraction, using model-based approaches to capture different security views and link such views in a holistic cloud security model. Inherent in the cloud architecture. Where delivered mechanisms (such as elasticity engines) and APIs should provide flexible security interfaces. Support for: multi-tenancy where each user can see only his security configurations, elasticity, to scale up and down based on the current context. Support integration and coordination with other security controls at different layers to deliver integrated security. Be adaptive to meet continuous environment changes and stakeholders needs. X. FUTURE WORK We are investigating in the cloud security management problem. Our objective is to block the hole arise in the security management processes of the cloud consumers and the cloud providers from adopting the cloud model. To be able to resolve such problem we need to: (1) Capture different stakeholders security requirements from different perspectives and different levels of details; (2) Map security requirements to the cloud architecture, security patterns and security enforcement mechanisms; and (3) Deliver feedback about the current security status to the cloud providers and consumers. We propose to adopt an adaptive model-based approach in tackling the cloud security management problem. Models will help in the problem abstraction and the capturing of security requirements of different stakeholders at different levels of details. Adaptive-ness will help in delivering an integrated, dynamic and enforceable cloud security model. The feedback loop will measure the security status to help improving the current cloud security model and keeping cloud consumers aware with their assets security status (applying the trust but verify concept). REFERENCES [1] Peter Mell, and Tim Grance, "The NIST Definition of Cloud Computing," 2009, Accessed April [2] Frank Gens, Robert P Mahowald and Richard L Villars. (2009, IDC Cloud Computing [3] IDC, "IDC Ranking of issues of Cloud Computing model," ed, 2009, Accessed on July [4] Cloud Computing Use Case Discussion Group, "Cloud Computing Use Cases Version 3.0," [5] ENISA, "Cloud computing: benefits, risks and recommendations for information security," 2009, Accessed On July [6] Cloud Security Alliance (CSA). (2010). Available: [7] Balachandra Reddy Kandukuri, Ramakrishna Paturi and Atanu Rakshit, "Cloud Security Issues," in Proceedings of the 2009 IEEE International Conference on Services Computing, 2009, pp [8] Kresimir Popovic, Zeljko Hocenski, "Cloud computing security issues and challenges," in The Third International Conference on Advances in Human-oriented and Personalized Mechanisms, Technologies, and Services, 2010, pp [9] Meiko Jensen, Jörg Schwenk, Nils Gruschka and Luigi Lo Iacono, "On Technical Security Issues in Cloud Computing," in IEEE ICCC, Bangalore 2009, pp [10] Bernd Grobauer, Tobias Walloschek and Elmar Stöcker, "Understanding Cloud-Computing Vulnerabilities," IEEE Security and Privacy, vol. 99, [11] S. Subashini,,Kavitha, V., "A survey on security issues in service delivery models of cloud computing," Journal of Network and Computer Applications, vol. In Press, Corrected Proof. [12] Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage, "Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds," presented at the Proceedings of the 16th ACM conference on Computer and communications security, Chicago, Illinois, USA, [13] Microsoft. (2006, October, 2010). Multi-Tenant Data Architecture. Available: [14] Amazon. October, 2010). Amazon EC2 SLA. Available: [15] D. K. Holstein,, Stouffer, K., "Trust but Verify Critical Infrastructure Cyber Security Solutions," in HICSS 2010, pp [16] Z. Wenjun, "Integrated Security Framework for Secure Web Services," in IITSI 2010, pp [17] B. Wang, Huang He, Yuan, Liu Xiao, Xi, Xu Jing, Min, "Open Identity Management Framework for SaaS Ecosystem," in ICEBE '09. pp [18] F. Elizabeth,, Vadim, Okun, "Web Application Scanners: Definitions and Functions," in HICSS 2007, pp. 280b-280b. [19] NIST. October, (2010). National Vulnerability Database (NVD). Available: [20] OWASP. (2010, The Ten Most Critical Web Application Security Vulnerabilities. Available:

Efficient Appraisal of Cloud Computing Through Comprehensive Confrontation of Security Issues and Discrepancies Involved

Efficient Appraisal of Cloud Computing Through Comprehensive Confrontation of Security Issues and Discrepancies Involved Efficient Appraisal of Cloud Computing Through Comprehensive Confrontation of Security Issues and Discrepancies Involved Rajesh T 1, Vihari P 2 1 Department of ECE, 2 Department of ECE, K L University,Vaddeswaram

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Cloud Computing Dr. A. Askarunisa Professor and Head Vickram College of Engineering, Madurai, Tamilnadu, India N.Ganesh Sr.Lecturer Vickram College of Engineering, Madurai, Tamilnadu,

More information

SECURITY ISSUES IN CLOUD COMPUTINGAND ASSOCIATED MITIGATION TECHNIQUES

SECURITY ISSUES IN CLOUD COMPUTINGAND ASSOCIATED MITIGATION TECHNIQUES SECURITY ISSUES IN CLOUD COMPUTINGAND ASSOCIATED MITIGATION TECHNIQUES Vikas Teotia 1, Parutosh Sharma 2 1, 2 VR Siddhartha Engineering College, Andhra Pradesh (India) ABSTRACT Cloud computing is a new

More information

UNRESOLVED SECURITY ISSUES THREATENING THE CLOUD COMPUTING TECHNIQUE: A SURVEY

UNRESOLVED SECURITY ISSUES THREATENING THE CLOUD COMPUTING TECHNIQUE: A SURVEY UNRESOLVED SECURITY ISSUES THREATENING THE CLOUD COMPUTING TECHNIQUE: A SURVEY Puneet Kumar 1, Gaurav Tyagi 1 1,2 Computer Science Department,Sir Chhotu Ram Institute of Engineering & Technology, CCS University

More information

A Survey on Cloud Security Issues and Techniques

A Survey on Cloud Security Issues and Techniques A Survey on Cloud Security Issues and Techniques Garima Gupta 1, P.R.Laxmi 2 and Shubhanjali Sharma 3 1 Department of Computer Engineering, Government Engineering College, Ajmer Guptagarima09@gmail.com

More information

Security Considerations for Public Mobile Cloud Computing

Security Considerations for Public Mobile Cloud Computing Security Considerations for Public Mobile Cloud Computing Ronnie D. Caytiles 1 and Sunguk Lee 2* 1 Society of Science and Engineering Research Support, Korea rdcaytiles@gmail.com 2 Research Institute of

More information

Cloud Computing Security Issues And Methods to Overcome

Cloud Computing Security Issues And Methods to Overcome Cloud Computing Security Issues And Methods to Overcome Manas M N 1, Nagalakshmi C K 2, Shobha G 3 MTech, Computer Science & Engineering, RVCE, Bangalore, India 1,2 Professor & HOD, Computer Science &

More information

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts.

Tufts University. Department of Computer Science. COMP 116 Introduction to Computer Security Fall 2014 Final Project. Guocui Gao Guocui.gao@tufts. Tufts University Department of Computer Science COMP 116 Introduction to Computer Security Fall 2014 Final Project Investigating Security Issues in Cloud Computing Guocui Gao Guocui.gao@tufts.edu Mentor:

More information

Cloud Computing Security Issues and Challenges

Cloud Computing Security Issues and Challenges Cloud Computing Security Issues and Challenges Kuyoro S. O. Department of Computer Science Babcock University Ilishan-Remo, 240001, Nigeria Ibikunle F. Department of Computer Science Covenant University

More information

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING

SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING SECURITY CONCERNS AND SOLUTIONS FOR CLOUD COMPUTING 1. K.SURIYA Assistant professor Department of Computer Applications Dhanalakshmi Srinivasan College of Arts and Science for Womren Perambalur Mail: Surik.mca@gmail.com

More information

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST

Future of Cloud Computing. Irena Bojanova, Ph.D. UMUC, NIST Future of Cloud Computing Irena Bojanova, Ph.D. UMUC, NIST No Longer On The Horizon Essential Characteristics On-demand Self-Service Broad Network Access Resource Pooling Rapid Elasticity Measured Service

More information

Security Issues On Cloud Computing

Security Issues On Cloud Computing Security Issues On Cloud Computing Pratibha Tripathi #1, Mohammad Suaib #2 1 M.Tech(CSE), Second year 2 Research Guide # Department of Computer Science and Engineering Abstract Integral University, Lucknow

More information

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com

Introduction to Cloud Computing. Srinath Beldona srinath_beldona@yahoo.com Introduction to Cloud Computing Srinath Beldona srinath_beldona@yahoo.com Agenda Pre-requisites Course objectives What you will learn in this tutorial? Brief history Is cloud computing new? Why cloud computing?

More information

Keyword: Cloud computing, service model, deployment model, network layer security.

Keyword: Cloud computing, service model, deployment model, network layer security. Volume 4, Issue 2, February 2014 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com An Emerging

More information

Security Issues In Cloud Computing and Countermeasures

Security Issues In Cloud Computing and Countermeasures Security Issues In Cloud Computing and Countermeasures Shipra Dubey 1, Suman Bhajia 2 and Deepika Trivedi 3 1 Department of Computer Science, Banasthali University, Jaipur, Rajasthan / India 2 Department

More information

Cloud Essentials for Architects using OpenStack

Cloud Essentials for Architects using OpenStack Cloud Essentials for Architects using OpenStack Course Overview Start Date 18th December 2014 Duration 2 Days Location Dublin Course Code SS906 Programme Overview Cloud Computing is gaining increasing

More information

Cloud-Security: Show-Stopper or Enabling Technology?

Cloud-Security: Show-Stopper or Enabling Technology? Cloud-Security: Show-Stopper or Enabling Technology? Fraunhofer Institute for Secure Information Technology (SIT) Technische Universität München Open Grid Forum, 16.3,. 2010, Munich Overview 1. Cloud Characteristics

More information

Architectural Implications of Cloud Computing

Architectural Implications of Cloud Computing Architectural Implications of Cloud Computing Grace Lewis Research, Technology and Systems Solutions (RTSS) Program Lewis is a senior member of the technical staff at the SEI in the Research, Technology,

More information

Capturing the New Frontier:

Capturing the New Frontier: Capturing the New Frontier: How Software Security Unlocks the Power of Cloud Computing Executive Summary Cloud computing is garnering a vast share of IT interest. Its promise of revolutionary cost savings

More information

Cloud Computing Architecture: A Survey

Cloud Computing Architecture: A Survey Cloud Computing Architecture: A Survey Abstract Now a day s Cloud computing is a complex and very rapidly evolving and emerging area that affects IT infrastructure, network services, data management and

More information

Integrated Security Architecture for Multitenant Environment of Public Cloud

Integrated Security Architecture for Multitenant Environment of Public Cloud Integrated Security Architecture for Multitenant Environment of Public Cloud Suresh Mohan Research Scholar, School of CSE, Vellore Institute of Technology University, Vellore, India Abstract This paper

More information

Security Issues in Cloud Computing

Security Issues in Cloud Computing Security Issues in Computing CSCI 454/554 Computing w Definition based on NIST: A model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources

More information

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS

ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS ITL BULLETIN FOR JUNE 2012 CLOUD COMPUTING: A REVIEW OF FEATURES, BENEFITS, AND RISKS, AND RECOMMENDATIONS FOR SECURE, EFFICIENT IMPLEMENTATIONS Shirley Radack, Editor Computer Security Division Information

More information

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM)

Security Management of Cloud-Native Applications. Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) Security Management of Cloud-Native Applications Presented By: Rohit Sharma MSc in Dependable Software Systems (DESEM) 1 Outline Context State-of-the-Art Design Patterns Threats to cloud systems Security

More information

Security & Trust in the Cloud

Security & Trust in the Cloud Security & Trust in the Cloud Ray Trygstad Director of Information Technology, IIT School of Applied Technology Associate Director, Information Technology & Management Degree Programs Cloud Computing Primer

More information

Cloud Security Risk Agreements for Small Businesses

Cloud Security Risk Agreements for Small Businesses Isaac Potoczny-Jones Galois, Inc. Portland, OR ijones@galois.com ABSTRACT Cloud computing can be particularly beneficial to small businesses since it can decrease the total cost of ownership for IT systems.

More information

International Journal of Engineering Research & Management Technology

International Journal of Engineering Research & Management Technology International Journal of Engineering Research & Management Technology Cloud Security Issues, Challenges And Their Optimal Solutions Vinay Kumar Pant M.Tech. (CSE) Subharti Institute of Technology and Engineering

More information

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master

Securing The Cloud. Foundational Best Practices For Securing Cloud Computing. Scott Clark. Insert presenter logo here on slide master Securing The Cloud Foundational Best Practices For Securing Cloud Computing Scott Clark Agenda Introduction to Cloud Computing What is Different in the Cloud? CSA Guidance Additional Resources 2 What is

More information

Security Issues In Cloud Computing And Their Solutions

Security Issues In Cloud Computing And Their Solutions Security Issues In Cloud Computing And Their Solutions Mr. Vinod K. Lalbeg Lecturer (Management), NWIMSR, Pune-1 & Ms. Anjali S. Mulik Lecturer (Management), NWIMSR, Pune-1 ABSTRACT Cloud Computing offers

More information

Review of Cloud Computing and future research

Review of Cloud Computing and future research Review of Cloud Computing and future research Computer Science, IIS University, India Abstract: Cloud computing is also referred to as the evolutionary offspring of distributed computing, parallel computing,

More information

Effective End-to-End Cloud Security

Effective End-to-End Cloud Security Effective End-to-End Cloud Security Securing Your Journey to the Cloud Trend Micro SecureCloud A Trend Micro & VMware White Paper August 2011 I. EXECUTIVE SUMMARY This is the first paper of a series of

More information

White Paper on CLOUD COMPUTING

White Paper on CLOUD COMPUTING White Paper on CLOUD COMPUTING INDEX 1. Introduction 2. Features of Cloud Computing 3. Benefits of Cloud computing 4. Service models of Cloud Computing 5. Deployment models of Cloud Computing 6. Examples

More information

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com

Bringing Cloud Security Down to Earth. Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Bringing Cloud Security Down to Earth Andreas M Antonopoulos Senior Vice President & Founding Partner www.nemertes.com Agenda About Nemertes Cloud Dynamics and Adoption Assessing Risk of Cloud Services

More information

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing

A Survey on Security Issues and Security Schemes for Cloud and Multi-Cloud Computing International Journal of Emerging Engineering Research and Technology Volume 3, Issue 5, May 2015, PP 1-7 ISSN 2349-4395 (Print) & ISSN 2349-4409 (Online) A Survey on Security Issues and Security Schemes

More information

The Analysis of Cloud Computing Major Security Concerns & Their Solutions

The Analysis of Cloud Computing Major Security Concerns & Their Solutions Journal of Information & Communication Technology Vol. 6, No. 2, (Fall 2012) 48-53 The Analysis of Cloud Computing Major Security Concerns & Their Solutions Farhat Sharif * Institute of Business and Technology

More information

Survey on Security Issues in Cloud Computing

Survey on Security Issues in Cloud Computing Survey on Security Issues in Cloud Computing Divya Sharma, Preeti Vaidya, Oves Khan Abstract Cloud Computing is a new technology that allows organizations and individuals to share resources, information

More information

Multi Tiered Security and Privacy- Enhancing Multi-cloud Environment

Multi Tiered Security and Privacy- Enhancing Multi-cloud Environment Multi Tiered Security and Privacy- Enhancing Multi-cloud Environment Akanksha Rana 1, Srinivas Arukonda 2 1 M.Tech Student, Computer Science Department, Galgotias University, India 2 Assistant Professor,

More information

Cloud Courses Description

Cloud Courses Description Courses Description 101: Fundamental Computing and Architecture Computing Concepts and Models. Data center architecture. Fundamental Architecture. Virtualization Basics. platforms: IaaS, PaaS, SaaS. deployment

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Top 10 Cloud Risks That Will Keep You Awake at Night

Top 10 Cloud Risks That Will Keep You Awake at Night Top 10 Cloud Risks That Will Keep You Awake at Night Shankar Babu Chebrolu Ph.D., Vinay Bansal, Pankaj Telang Photo Source flickr.com .. Amazon EC2 (Cloud) to host Eng. Lab testing. We want to use SalesForce.com

More information

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014

International Journal of Innovative Technology & Adaptive Management (IJITAM) ISSN: 2347-3622, Volume-1, Issue-5, February 2014 An Overview on Cloud Computing Services And Related Threats Bipasha Mallick Assistant Professor, Haldia Institute Of Technology bipasm@gmail.com Abstract. Cloud computing promises to increase the velocity

More information

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments

A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining Privacy in Multi-Cloud Environments IJSTE - International Journal of Science Technology & Engineering Volume 1 Issue 10 April 2015 ISSN (online): 2349-784X A Secure Strategy using Weighted Active Monitoring Load Balancing Algorithm for Maintaining

More information

IBM 000-281 EXAM QUESTIONS & ANSWERS

IBM 000-281 EXAM QUESTIONS & ANSWERS IBM 000-281 EXAM QUESTIONS & ANSWERS Number: 000-281 Passing Score: 800 Time Limit: 120 min File Version: 58.8 http://www.gratisexam.com/ IBM 000-281 EXAM QUESTIONS & ANSWERS Exam Name: Foundations of

More information

yvette@yvetteagostini.it yvette@yvetteagostini.it

yvette@yvetteagostini.it yvette@yvetteagostini.it 1 The following is merely a collection of notes taken during works, study and just-for-fun activities No copyright infringements intended: all sources are duly listed at the end of the document This work

More information

Service and Data Security for Multi Cloud Environment

Service and Data Security for Multi Cloud Environment Service and Data Security for Multi Cloud Environment Rajkumar B 1, Balamurugan K 2 M.Tech, Dept of IT, K.S.R. College of Engineering, Tamilnadu, India 1 Associate Professor, Dept of IT, K.S.R. College

More information

Overview of Cloud Computing (ENCS 691K Chapter 1)

Overview of Cloud Computing (ENCS 691K Chapter 1) Overview of Cloud Computing (ENCS 691K Chapter 1) Roch Glitho, PhD Associate Professor and Canada Research Chair My URL - http://users.encs.concordia.ca/~glitho/ Overview of Cloud Computing Towards a definition

More information

Addressing Data Security Challenges in the Cloud

Addressing Data Security Challenges in the Cloud Addressing Data Security Challenges in the Cloud Coordinate Security. The Need for Cloud Computing Security A Trend Micro White Paper July 2010 I. INTRODUCTION Enterprises increasingly recognize cloud

More information

Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE

Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE Cloud Security & Risk Management PRESENTATION AT THE OPEN GROUP CONFERENCE MARCH 2011 Image Area VARAD G. VARADARAJAN ENTERPRISE ARCHITECTURE COE COGNIZANT TECHNOLOGY SOLUTIONS For details please email:

More information

SECURE CLOUD COMPUTING

SECURE CLOUD COMPUTING Outline SECURE CLOUD COMPUTING Introduction (of many buzz words) References What is Cloud Computing Cloud Computing Infrastructure Security Cloud Storage and Data Security Identity Management in the Cloud

More information

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015

NETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015 NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X

More information

A Review on Cloud Computing Vulnerabilities

A Review on Cloud Computing Vulnerabilities A Review on Cloud Computing Vulnerabilities Ms. Sugandha Nandedkar, Ms.Sangeeta Kakarwal Asst.Prof., Department of Computer Science and Engineering, DIEMS /Dr. BAMU, Aurangabad, MH, India. Prof. and HOD,

More information

Mobile Cloud Computing Security Considerations

Mobile Cloud Computing Security Considerations 보안공학연구논문지 (Journal of Security Engineering), 제 9권 제 2호 2012년 4월 Mobile Cloud Computing Security Considerations Soeung-Kon(Victor) Ko 1), Jung-Hoon Lee 2), Sung Woo Kim 3) Abstract Building applications

More information

Lecture 02a Cloud Computing I

Lecture 02a Cloud Computing I Mobile Cloud Computing Lecture 02a Cloud Computing I 吳 秀 陽 Shiow-yang Wu What is Cloud Computing? Computing with cloud? Mobile Cloud Computing Cloud Computing I 2 Note 1 What is Cloud Computing? Walking

More information

FACING SECURITY CHALLENGES

FACING SECURITY CHALLENGES 24 July 2013 TimeTec Cloud Security FACING SECURITY CHALLENGES HEAD-ON - by Mr. Daryl Choo, Chief Information Officer, FingerTec HQ Cloud usage and trend Cloud Computing is getting more common nowadays

More information

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING

SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING SECURITY IN SERVICE LEVEL AGREEMENTS FOR CLOUD COMPUTING Karin Bernsmed, Martin Gilje Jaatun SINTEF Information and Communication Technology, Trondheim, Norway Karin.Bernsmed@sintef.no, Martin.G.Jaatun@sintef.no

More information

Cloud Courses Description

Cloud Courses Description Cloud Courses Description Cloud 101: Fundamental Cloud Computing and Architecture Cloud Computing Concepts and Models. Fundamental Cloud Architecture. Virtualization Basics. Cloud platforms: IaaS, PaaS,

More information

Analysis of Cloud Computing Vulnerabilities

Analysis of Cloud Computing Vulnerabilities International Journal of Innovation and Scientific Research ISSN 2351-8014 Vol. 2 No. 2 Jun. 2014, pp. 308-312 2014 Innovative Space of Scientific Research Journals http://www.ijisr.issr-journals.org/

More information

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University

Cloud Computing: Opportunities, Challenges, and Solutions. Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University Cloud Computing: Opportunities, Challenges, and Solutions Jungwoo Ryoo, Ph.D., CISSP, CISA The Pennsylvania State University What is cloud computing? What are some of the keywords? How many of you cannot

More information

AEIJST - June 2015 - Vol 3 - Issue 6 ISSN - 2348-6732. Cloud Broker. * Prasanna Kumar ** Shalini N M *** Sowmya R **** V Ashalatha

AEIJST - June 2015 - Vol 3 - Issue 6 ISSN - 2348-6732. Cloud Broker. * Prasanna Kumar ** Shalini N M *** Sowmya R **** V Ashalatha Abstract Cloud Broker * Prasanna Kumar ** Shalini N M *** Sowmya R **** V Ashalatha Dept of ISE, The National Institute of Engineering, Mysore, India Cloud computing is kinetically evolving areas which

More information

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation

Securing the Cloud with IBM Security Systems. IBM Security Systems. 2012 IBM Corporation. 2012 2012 IBM IBM Corporation Corporation Securing the Cloud with IBM Security Systems 1 2012 2012 IBM IBM Corporation Corporation IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns

More information

Managing Cloud Computing Risk

Managing Cloud Computing Risk Managing Cloud Computing Risk Presented By: Dan Desko; Manager, Internal IT Audit & Risk Advisory Services Schneider Downs & Co. Inc. ddesko@schneiderdowns.com Learning Objectives Understand how to identify

More information

A REFERENCE ARCHITECTURE FOR CLOUD COMPUTING AND ITS SECURITY APPLICATIONS. Keiko Hashizume. A Dissertation Submitted to the Faculty of

A REFERENCE ARCHITECTURE FOR CLOUD COMPUTING AND ITS SECURITY APPLICATIONS. Keiko Hashizume. A Dissertation Submitted to the Faculty of A REFERENCE ARCHITECTURE FOR CLOUD COMPUTING AND ITS SECURITY APPLICATIONS by Keiko Hashizume A Dissertation Submitted to the Faculty of the College of Engineering and Computer Science in Partial Fulfillment

More information

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation

IBM Cloud Security Draft for Discussion September 12, 2011. 2011 IBM Corporation IBM Cloud Security Draft for Discussion September 12, 2011 IBM Point of View: Cloud can be made secure for business As with most new technology paradigms, security concerns surrounding cloud computing

More information

CLOUD COMPUTING SECURITY CONCERNS

CLOUD COMPUTING SECURITY CONCERNS CLOUD COMPUTING SECURITY CONCERNS ABSTRACT ASMA GULAM MOHAMED Saveetha School of Engineering Cloud computing is set of resources including data storage, programs and hardware offered through the Internet.

More information

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS

INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS INTRODUCTION TO CLOUD COMPUTING CEN483 PARALLEL AND DISTRIBUTED SYSTEMS CLOUD COMPUTING Cloud computing is a model for enabling convenient, ondemand network access to a shared pool of configurable computing

More information

What Cloud computing means in real life

What Cloud computing means in real life ITU TRCSL Symposium on Cloud Computing Session 2: Cloud Computing Foundation and Requirements What Cloud computing means in real life Saman Perera Senior General Manager Information Systems Mobitel (Pvt)

More information

International Journal of Advanced Research in Computer Science and Software Engineering

International Journal of Advanced Research in Computer Science and Software Engineering Volume 3, Issue 3, March 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Secure Broker

More information

Guideline on Implementing Cloud Identity and Access Management

Guideline on Implementing Cloud Identity and Access Management CMSGu2013-05 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Implementing Cloud Identity and Access Management National

More information

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS

A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS A SURVEY OF CLOUD COMPUTING: NETWORK BASED ISSUES PERFORMANCE AND ANALYSIS *Dr Umesh Sehgal, #Shalini Guleria *Associate Professor,ARNI School of Computer Science,Arni University,KathagarhUmeshsehgalind@gmail.com

More information

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures

IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures IaaS Cloud Architectures: Virtualized Data Centers to Federated Cloud Infrastructures Dr. Sanjay P. Ahuja, Ph.D. 2010-14 FIS Distinguished Professor of Computer Science School of Computing, UNF Introduction

More information

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS

Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Cloud Security: Evaluating Risks within IAAS/PAAS/SAAS Char Sample Security Engineer, Carnegie Mellon University CERT Information Security Decisions TechTarget Disclaimer Standard Disclaimer - This talk

More information

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS

FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS International Journal of Computer Engineering and Applications, Volume VIII, Issue II, November 14 FEDERATED CLOUD: A DEVELOPMENT IN CLOUD COMPUTING AND A SOLUTION TO EDUCATIONAL NEEDS Saju Mathew 1, Dr.

More information

MDE Opportunities in Multi-Tenant Cloud Applications

MDE Opportunities in Multi-Tenant Cloud Applications MDE Opportunities in Multi-Tenant Cloud Applications Mohammad Abu Matar 1 and Jon Whittle 2 1 Etisalat British Telecom Innovation Center Khalifa University of Science, Technology and Research Abu Dhabi,

More information

Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015

Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015 Improving Web Application Security by Eliminating CWEs Weijie Chen, China INFSY 6891 Software Assurance Professor Dr. Maurice Dawson 15 December 2015 1 P a g e ABSTRACT This study examined improving web

More information

International Journal of Advance Research in Computer Science and Management Studies

International Journal of Advance Research in Computer Science and Management Studies Volume 2, Issue 11, November 2014 ISSN: 2321 7782 (Online) International Journal of Advance Research in Computer Science and Management Studies Research Article / Survey Paper / Case Study Available online

More information

Cloud Computing: Risks and Auditing

Cloud Computing: Risks and Auditing IIA Chicago Chapter 53 rd Annual Seminar April 15, 2013, Donald E. Stephens Convention Center @IIAChicago #IIACHI Cloud Computing: Risks Auditing Phil Lageschulte/Partner/KPMG Sailesh Gadia/Director/KPMG

More information

Secure Cloud Computing through IT Auditing

Secure Cloud Computing through IT Auditing Secure Cloud Computing through IT Auditing 75 Navita Agarwal Department of CSIT Moradabad Institute of Technology, Moradabad, U.P., INDIA Email: nvgrwl06@gmail.com ABSTRACT In this paper we discuss the

More information

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC

RE Think. IT & Business. Invent. IBM SmartCloud Security. Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC RE Think Invent IT & Business IBM SmartCloud Security Dr. Khaled Negm, SMIEEE, ACM Fellow IBM SW Global Competency Center Leader GCC 2014 IBM Corporation Some Business Questions Is Your Company is Secure

More information

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas

CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD. Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas CLOUD SECURITY SECURITY ASPECTS IN GEOSPATIAL CLOUD Guided by Prof. S. K. Ghosh Presented by - Soumadip Biswas PART 1 A brief Concept of cloud Issues in cloud Security Issues A BRIEF The Evolution Super

More information

Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform?

Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform? Can Nuclear Installations and Research Centres Adopt Cloud Computing Platform? Ameer PICHAN, Dr. Sie Teng SOH, A/Prof Mihai LAZARESCU School of Electrical Engineering and Computing, Curtin University,

More information

CHAPTER 8 CLOUD COMPUTING

CHAPTER 8 CLOUD COMPUTING CHAPTER 8 CLOUD COMPUTING SE 458 SERVICE ORIENTED ARCHITECTURE Assist. Prof. Dr. Volkan TUNALI Faculty of Engineering and Natural Sciences / Maltepe University Topics 2 Cloud Computing Essential Characteristics

More information

Clinical Trials in the Cloud: A New Paradigm?

Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo Clinical Trials in the Cloud: A New Paradigm? Marc Desgrousilliers CTO at Clinovo What is a Cloud? (1 of 3) "Cloud computing is a model for enabling convenient, on-demand

More information

Cloud Computing for SCADA

Cloud Computing for SCADA Cloud Computing for SCADA Moving all or part of SCADA applications to the cloud can cut costs significantly while dramatically increasing reliability and scalability. A White Paper from InduSoft Larry

More information

Data Integrity Check using Hash Functions in Cloud environment

Data Integrity Check using Hash Functions in Cloud environment Data Integrity Check using Hash Functions in Cloud environment Selman Haxhijaha 1, Gazmend Bajrami 1, Fisnik Prekazi 1 1 Faculty of Computer Science and Engineering, University for Business and Tecnology

More information

A Secure System Development Framework for SaaS Applications in Cloud Computing

A Secure System Development Framework for SaaS Applications in Cloud Computing A Secure System Development Framework for SaaS Applications in Cloud Computing Eren TATAR, Emrah TOMUR AbstractThe adoption of cloud computing is ever increasing through its economical and operational

More information

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION

PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION PLATFORM-AS-A-SERVICE: ADOPTION, STRATEGY, PLANNING AND IMPLEMENTATION White Paper May 2012 Abstract Whether enterprises choose to use private, public or hybrid clouds, the availability of a broad range

More information

Security in Cloud Computing - Vulnerabilities, Challenges, Models and path ahead

Security in Cloud Computing - Vulnerabilities, Challenges, Models and path ahead Security in Cloud Computing - Vulnerabilities, Challenges, Models and path ahead 1. Abstract By Anand Mukundan Bina Bhaskar Cloud computing security is an evolving sub-domain of computer security, network

More information

Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage

Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds. Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage Hey, You, Get Off of My Cloud! Exploring Information Leakage in Third-Party Clouds Thomas Ristenpart, Eran Tromer, Hovav Shacham, Stefan Savage UCSD MIT UCSD UCSD Today s talk in one slide Third-party

More information

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org

Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org Cloud Computing and Security Risk Analysis Qing Liu Technology Architect STREAM Technology Lab Qing.Liu@chi.frb.org 1 Disclaimers This presentation provides education on Cloud Computing and its security

More information

Cloud Computing: The Next Computing Paradigm

Cloud Computing: The Next Computing Paradigm Cloud Computing: The Next Computing Paradigm Ronnie D. Caytiles 1, Sunguk Lee and Byungjoo Park 1 * 1 Department of Multimedia Engineering, Hannam University 133 Ojeongdong, Daeduk-gu, Daejeon, Korea rdcaytiles@gmail.com,

More information

Keywords: Cloud; Security; privacy; multi-cloud; Application Partitioning; Tier Partitioning; Data Partitioning; Multi-party Computation.

Keywords: Cloud; Security; privacy; multi-cloud; Application Partitioning; Tier Partitioning; Data Partitioning; Multi-party Computation. An Secure Data Storage Multi Cloud Architecture Mr. Gajendrasing Chandel, Mr.Rajkumar R. Yadav Assistant Professor, Student M.Tech 2 nd Year Computer Science & Engineering, SSSIST, Sehor ABSTRACT In recent

More information

Framework for Cloud Usability

Framework for Cloud Usability Published in proceedings of HCI International 2015 Framework for Cloud Usability Brian Stanton 1, Mary Theofanos 1, Karuna P Joshi 2 1 National Institute of Standards and Technology, Gaithersburg, MD,

More information

Cloud Infrastructure Pattern

Cloud Infrastructure Pattern 1 st LACCEI International Symposium on Software Architecture and Patterns (LACCEI-ISAP-MiniPLoP 2012), July 23-27, 2012, Panama City, Panama. Cloud Infrastructure Pattern Keiko Hashizume Florida Atlantic

More information

Permanent Link: http://espace.library.curtin.edu.au/r?func=dbin-jump-full&local_base=gen01-era02&object_id=154091

Permanent Link: http://espace.library.curtin.edu.au/r?func=dbin-jump-full&local_base=gen01-era02&object_id=154091 Citation: Alhamad, Mohammed and Dillon, Tharam S. and Wu, Chen and Chang, Elizabeth. 2010. Response time for cloud computing providers, in Kotsis, G. and Taniar, D. and Pardede, E. and Saleh, I. and Khalil,

More information

Keywords Cloud computing, Cloud platforms, Eucalyptus, Amazon, OpenStack.

Keywords Cloud computing, Cloud platforms, Eucalyptus, Amazon, OpenStack. Volume 3, Issue 11, November 2013 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Cloud Platforms

More information

Cloud Computing Security Master Seminar, Summer 2011

Cloud Computing Security Master Seminar, Summer 2011 Cloud Computing Security Master Seminar, Summer 2011 Maxim Schnjakin, Wesam Dawoud, Christian Willems, Ibrahim Takouna Chair for Internet Technologies and Systems Definition of Cloud Computing 2 Cloud

More information

Security Model for VM in Cloud

Security Model for VM in Cloud Security Model for VM in Cloud 1 Venkataramana.Kanaparti, 2 Naveen Kumar R, 3 Rajani.S, 4 Padmavathamma M, 5 Anitha.C 1,2,3,5 Research Scholars, 4Research Supervisor 1,2,3,4,5 Dept. of Computer Science,

More information

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services

A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services A Study on Analysis and Implementation of a Cloud Computing Framework for Multimedia Convergence Services Ronnie D. Caytiles and Byungjoo Park * Department of Multimedia Engineering, Hannam University

More information

Cloud computing: benefits, risks and recommendations for information security

Cloud computing: benefits, risks and recommendations for information security Cloud computing: benefits, risks and recommendations for information security Dr Giles Hogben Secure Services Programme Manager European Network and Information Security Agency (ENISA) Goals of my presentation

More information